Getting table content via helper

I've made a simple cms. I have a table with page content. In the view I
make a call for a helper that get's the data:

View:

<%= content(the_id) %>

In the application helper:

  def content(c)
    @content = Pagecontent.find(c).content
  end

This works great. Any problems with this, like security? Any other way
to do it this simple?

Hi Pål Bergström

    My opinion is you can move Pagecontent.find(c) to model and access
this from controller. Then just use it in view so to avoid making db
call from helper/view even this is simple

Sijo

Hi Pål Bergström

Are there any real security problems with my way?

      No security problems I think

Sijo

Pål Bergström wrote:

Marnen Laibow-Koser wrote:

Put the query in the controller. Assign it to a variable. Use the
variable in the view. Just as simple. No helper necessary. No
breaking MVC.

Will mean extra coding for each page.

I don't believe it will, but perhaps I don't understand the structure of
your app. Can you explain how you're using this?

Anyway, even if it *does* mean extra coding, it's the right thing to do.

Best,

Marnen Laibow-Koser wrote:

I don't believe it will, but perhaps I don't understand the structure of
your app. Can you explain how you're using this?

Anyway, even if it *does* mean extra coding, it's the right thing to do.

Let's say I have 5 pages. Each page can have 1 or more areas which can
be edited by the user. Probably 1-3 areas, where the main sections is
the body text.

Each area is assigned an id. By using my setup as above I can assign the
id and content for each area in the view, and that's it. No extra coding
or assigning a variable for each page and each area.

This is like static CMS where the control of new pages are limited but
not the actual text/content.

Pål Bergström wrote:

Marnen Laibow-Koser wrote:

I don't believe it will, but perhaps I don't understand the structure of
your app. Can you explain how you're using this?

Anyway, even if it *does* mean extra coding, it's the right thing to do.

Let's say I have 5 pages. Each page can have 1 or more areas which can
be edited by the user. Probably 1-3 areas, where the main sections is
the body text.

Each area is assigned an id. By using my setup as above I can assign the
id and content for each area in the view, and that's it. No extra coding
or assigning a variable for each page and each area.

So the Pagecontent (should be PageContent!) is the model for the
editable area?

Are the 5 pages rendered by separate controller actions, or by the same
action on different instances of Page?

This is like static CMS where the control of new pages are limited but
not the actual text/content.

Best,

Marnen Laibow-Koser wrote:

So your controller is just

def page1
end

def page2
end

?

Where do the ids that you're passing to the pagecontent helper get set?

In the view with.

<%= content(the_id_of_content) %>

In the application helper:

  def content(c)
    @content = Pagecontent.find(c).content
  end

Pål Bergström wrote:

Marnen Laibow-Koser wrote:

[...]

Where do the ids that you're passing to the pagecontent helper get set?

In the view with.

<%= content(the_id_of_content) %>

In the application helper:

  def content(c)
    @content = Pagecontent.find(c).content
  end

Then the best thing to do, it seems to me, is to restructure things as I
indicated before. Moving the query into the controller will not require
any more code, and it will decouple the view from the DB (which is the
right thing). The proper Railsy way is like this:

# controller
def page1
  @content = Pagecontent.find(whatever)
end

# page1.html.erb
<%= @content %>

Less code than a helper, more flexible, and more truly MVC. The helper
method has nothing at all to recommend it here.

Best,

Marnen Laibow-Koser wrote:

Then the best thing to do, it seems to me, is to restructure things as I
indicated before. Moving the query into the controller will not require
any more code, and it will decouple the view from the DB (which is the
right thing). The proper Railsy way is like this:

# controller
def page1
  @content = Pagecontent.find(whatever)
end

# page1.html.erb
<%= @content %>

Less code than a helper, more flexible, and more truly MVC. The helper
method has nothing at all to recommend it here.

I don't see how that would mean less code.

Pål Bergström wrote:

Marnen Laibow-Koser wrote:

Then the best thing to do, it seems to me, is to restructure things as I
indicated before. Moving the query into the controller will not require
any more code, and it will decouple the view from the DB (which is the
right thing). The proper Railsy way is like this:

# controller
def page1
  @content = Pagecontent.find(whatever)
end

# page1.html.erb
<%= @content %>

Less code than a helper, more flexible, and more truly MVC. The helper
method has nothing at all to recommend it here.

I don't see how that would mean less code.

With the helper, you have both the helper method definition and the call
in the view. With the proper Railsy way, you just have the call in the
controller (equivalent to the helper definition) and the variable is
already set for the view without further work.

But don't take my word for it. Branch your project and try it!

Best,